A Guide to Pokemon Go, with half a million downloads, has turned out to be a malicious app, research has found.
The app was posing as a guide to the hugely popular Pokemon Go game, a report on Kapersky blog explains.
The app is known as a Trojan and is used by cyber criminals to steal confidential details from devices.
By using several layers of obfuscation, the malicious app was able to go undetected by Google Play’s malware detection mechanisms.
Once rooted in a device it is capable of downloading unwanted files and stealing information from users.
Watch: Pokemon Go tips and tricks
Related: Latest Pokemon Go update explained
The app is programmed to lie dormant and determine whether the device is real or an emulated machine.
Once the malware determines that the device is real, it starts sending the user’s information to criminals.
The app can gain access to the root file on Android handsets and tablets through vulnerabilities discovered in Android devices between 2012 and 2015. This, in theory, can grant it complete control over the device.
Google did release patches to fix these vulnerabilities but it is unlikely all Android devices have them in use.
Of course, 500,000 downloads does not mean 500,000 infections. However, Kapersky researchers found 6,000 successful infections across Russia and Asia.
What’s more, the malware was intended to target English speaking users, making Europe a likely target.
Watch: Is Pokemon Go a massive waste of time?
Do you know anyone who has been targeted by the malicious app? Let us know in the comments below.